last executing test programs: 325.574993ms ago: executing program 4 (id=67): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/nvram', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nvram', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/nvram', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/nvram', 0x800, 0x0) 296.058346ms ago: executing program 4 (id=72): socket$phonet_pipe(0x23, 0x5, 0x2) 273.359888ms ago: executing program 4 (id=83): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/cachefiles', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/cachefiles', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/cachefiles', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/cachefiles', 0x800, 0x0) 248.582199ms ago: executing program 4 (id=88): syz_open_dev$vivid(&(0x7f0000000040), 0x0, 0x0) syz_open_dev$vivid(&(0x7f0000000080), 0x0, 0x1) syz_open_dev$vivid(&(0x7f00000000c0), 0x0, 0x2) syz_open_dev$vivid(&(0x7f0000000100), 0x0, 0x800) 224.505822ms ago: executing program 4 (id=93): fdatasync(0xffffffffffffffff) 223.887912ms ago: executing program 4 (id=99): syz_open_dev$evdev(&(0x7f0000000040), 0x0, 0x0) syz_open_dev$evdev(&(0x7f0000000080), 0x0, 0x1) syz_open_dev$evdev(&(0x7f00000000c0), 0x0, 0x2) syz_open_dev$evdev(&(0x7f0000000100), 0x0, 0x800) syz_open_dev$evdev(&(0x7f0000000140), 0x1, 0x0) syz_open_dev$evdev(&(0x7f0000000180), 0x1, 0x1) syz_open_dev$evdev(&(0x7f00000001c0), 0x1, 0x2) syz_open_dev$evdev(&(0x7f0000000200), 0x1, 0x800) syz_open_dev$evdev(&(0x7f0000000240), 0x2, 0x0) syz_open_dev$evdev(&(0x7f0000000280), 0x2, 0x1) syz_open_dev$evdev(&(0x7f00000002c0), 0x2, 0x2) syz_open_dev$evdev(&(0x7f0000000300), 0x2, 0x800) syz_open_dev$evdev(&(0x7f0000000340), 0x3, 0x0) syz_open_dev$evdev(&(0x7f0000000380), 0x3, 0x1) syz_open_dev$evdev(&(0x7f00000003c0), 0x3, 0x2) syz_open_dev$evdev(&(0x7f0000000400), 0x3, 0x800) syz_open_dev$evdev(&(0x7f0000000440), 0x4, 0x0) syz_open_dev$evdev(&(0x7f0000000480), 0x4, 0x1) syz_open_dev$evdev(&(0x7f00000004c0), 0x4, 0x2) syz_open_dev$evdev(&(0x7f0000000500), 0x4, 0x800) 54.323875ms ago: executing program 0 (id=147): timer_settime(0x0, 0x0, &(0x7f0000000000), 0x0) 54.269075ms ago: executing program 2 (id=148): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/qat_adf_ctl', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/qat_adf_ctl', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/qat_adf_ctl', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/qat_adf_ctl', 0x800, 0x0) 54.055695ms ago: executing program 3 (id=149): socket$rxrpc(0x21, 0x2, 0x0) 53.902055ms ago: executing program 0 (id=150): syz_open_dev$vim2m(&(0x7f0000000040), 0x0, 0x0) syz_open_dev$vim2m(&(0x7f0000000080), 0x0, 0x1) syz_open_dev$vim2m(&(0x7f00000000c0), 0x0, 0x2) syz_open_dev$vim2m(&(0x7f0000000100), 0x0, 0x800) syz_open_dev$vim2m(&(0x7f0000000140), 0x1, 0x0) syz_open_dev$vim2m(&(0x7f0000000180), 0x1, 0x1) syz_open_dev$vim2m(&(0x7f00000001c0), 0x1, 0x2) syz_open_dev$vim2m(&(0x7f0000000200), 0x1, 0x800) syz_open_dev$vim2m(&(0x7f0000000240), 0x2, 0x0) syz_open_dev$vim2m(&(0x7f0000000280), 0x2, 0x1) syz_open_dev$vim2m(&(0x7f00000002c0), 0x2, 0x2) syz_open_dev$vim2m(&(0x7f0000000300), 0x2, 0x800) syz_open_dev$vim2m(&(0x7f0000000340), 0x3, 0x0) syz_open_dev$vim2m(&(0x7f0000000380), 0x3, 0x1) syz_open_dev$vim2m(&(0x7f00000003c0), 0x3, 0x2) syz_open_dev$vim2m(&(0x7f0000000400), 0x3, 0x800) syz_open_dev$vim2m(&(0x7f0000000440), 0x4, 0x0) syz_open_dev$vim2m(&(0x7f0000000480), 0x4, 0x1) syz_open_dev$vim2m(&(0x7f00000004c0), 0x4, 0x2) syz_open_dev$vim2m(&(0x7f0000000500), 0x4, 0x800) 53.749975ms ago: executing program 1 (id=151): socket$inet_icmp_raw(0x2, 0x3, 0x1) 53.605215ms ago: executing program 3 (id=152): msync(0x0, 0x0, 0x0) 53.272845ms ago: executing program 2 (id=153): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ndctl0', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ndctl0', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ndctl0', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ndctl0', 0x800, 0x0) 26.967427ms ago: executing program 1 (id=154): msgget(0xffffffffffffffff, 0x0) 26.010447ms ago: executing program 0 (id=155): unshare(0x0) 25.936367ms ago: executing program 3 (id=156): openat(0xffffffffffffff9c, &(0x7f0000000040)='/sys/fs/smackfs/cipso', 0x2, 0x0) 25.876737ms ago: executing program 1 (id=157): open_tree(0xffffffffffffffff, &(0x7f0000000000), 0x0) 25.647557ms ago: executing program 2 (id=158): linkat(0xffffffffffffffff, &(0x7f0000000000), 0xffffffffffffffff, &(0x7f0000000000), 0x0) 25.601957ms ago: executing program 0 (id=159): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/urandom', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/urandom', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/urandom', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/urandom', 0x800, 0x0) 25.546397ms ago: executing program 1 (id=160): remap_file_pages(0x0, 0x0, 0x0, 0x0, 0x0) 25.470217ms ago: executing program 2 (id=161): socket$unix(0x1, 0x1, 0x0) 25.433037ms ago: executing program 3 (id=162): readlinkat(0xffffffffffffffff, &(0x7f0000000000), &(0x7f0000000000), 0x0) 1.004829ms ago: executing program 0 (id=163): rseq(&(0x7f0000000000), 0x0, 0x0, 0x0) 758.799µs ago: executing program 2 (id=164): clock_settime(0x0, &(0x7f0000000000)) 677.679µs ago: executing program 3 (id=165): chdir(&(0x7f0000000000)) 648.659µs ago: executing program 1 (id=166): ioprio_set$auto(0x0, 0x0, 0x0) 496.259µs ago: executing program 0 (id=167): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/cdrom1', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/cdrom1', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/cdrom1', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/cdrom1', 0x800, 0x0) 253.559µs ago: executing program 1 (id=168): lsm_list_modules(&(0x7f0000000000), &(0x7f0000000000), 0x0) 82.899µs ago: executing program 3 (id=169): io_submit(0x0, 0x0, &(0x7f0000000000)) 0s ago: executing program 2 (id=170): symlinkat(&(0x7f0000000000), 0xffffffffffffffff, &(0x7f0000000000)) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.1.52' (ED25519) to the list of known hosts. [ 25.247239][ T4030] cgroup: Unknown subsys name 'net' [ 25.502188][ T4030] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 25.763142][ T4030] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k SSFS [ 26.608006][ T4092] uffd: Set unprivileged_userfaultfd sysctl knob to 1 if kernel faults must be handled without obtaining CAP_SYS_PTRACE capability [ 26.983975][ T4210] mmap: syz.1.160 (4210) uses deprecated remap_file_pages() syscall. See Documentation/vm/remap_file_pages.rst. [ 27.010038][ T4217] Internal error: Oops - BTI: 0000000036000001 [#1] PREEMPT SMP [ 27.011247][ T4217] Modules linked in: [ 27.011873][ T4217] CPU: 0 PID: 4217 Comm: syz.3.169 Not tainted 5.15.189-syzkaller #0 [ 27.013049][ T4217] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025 [ 27.014547][ T4217] pstate: 42400405 (nZcv daif +PAN -UAO +TCO -DIT -SSBS BTYPE=jc) [ 27.015811][ T4217] pc : lookup_ioctx+0x108/0x7d0 [ 27.016604][ T4217] lr : lookup_ioctx+0xe4/0x7d0 [ 27.017343][ T4217] sp : ffff80001fa37c20 [ 27.017955][ T4217] x29: ffff80001fa37c20 x28: ffff0000cd78b680 x27: 0000000020000000 [ 27.019271][ T4217] x26: 1fffe00019af16d0 x25: 1ffff00003f46fd6 x24: ffff0000d3952280 [ 27.020577][ T4217] x23: dfff800000000000 x22: 00000000fffffff2 x21: 0000000000000000 [ 27.021960][ T4217] x20: ffff0000cd78b680 x19: 0000000000000000 x18: 0000000000000000 [ 27.023212][ T4217] x17: 0000000000000000 x16: ffff800008a19714 x15: 0000000000000000 [ 27.024528][ T4217] x14: 0000000000000000 x13: 1ffff0000282e06b x12: 0000000000ff0100 [ 27.025734][ T4217] x11: 0000000000000000 x10: 0000000000000000 x9 : 0000ffffffffffff [ 27.026915][ T4217] x8 : 0000000000000000 x7 : ffff800008750ed4 x6 : 0000000000000000 [ 27.028272][ T4217] x5 : 0000000000000000 x4 : 0000000000000001 x3 : 0000000000000001 [ 27.029620][ T4217] x2 : 0000000000000008 x1 : 0000000000000001 x0 : 0000000000000000 [ 27.030903][ T4217] Call trace: [ 27.031402][ T4217] lookup_ioctx+0x108/0x7d0 [ 27.032067][ T4217] __arm64_sys_io_submit+0x110/0x40c [ 27.032833][ T4217] invoke_syscall+0x98/0x2b8 [ 27.033491][ T4217] el0_svc_common+0x138/0x258 [ 27.034269][ T4217] do_el0_svc+0x58/0x14c [ 27.034959][ T4217] el0_svc+0x78/0x1e0 [ 27.035622][ T4217] el0t_64_sync_handler+0xcc/0xe4 [ 27.036353][ T4217] el0t_64_sync+0x1a0/0x1a4 [ 27.037043][ T4217] Code: d503229f 2a1f03f6 2a1f03e0 b8400953 (2a1603e1) [ 27.038183][ T4217] ---[ end trace 7883902efa41b0d3 ]--- [ 27.222946][ T4217] Kernel panic - not syncing: Oops - BTI: Fatal exception [ 27.224089][ T4217] SMP: stopping secondary CPUs [ 27.224911][ T4217] Kernel Offset: disabled [ 27.225702][ T4217] CPU features: 0x8,000003c1,7d33ffd9 [ 27.226469][ T4217] Memory Limit: none [ 27.400353][ T4217] Rebooting in 86400 seconds..